
Lodash security vulnerabilities in < 4.17.21

Open DavidSampson opened this issue 4 years ago • 2 comments

Caporal 2.0.2 relies on lodash version 4.17.15 explicitly, which has known critical security vulnerabilities.

https://github.com/lodash/lodash/issues/5083

Reliance on lodash < 4.17.21 precludes us from using Caporal for the time being due to the security hole.

DavidSampson avatar May 17 '21 14:05 DavidSampson

Seems like the lodash version has been upgraded to 4.17.21. https://github.com/mattallty/Caporal.js/blob/2c11c11d5ee69bb69251b536e8b860a39e06dbd6/package.json#L126 Just need to release a new version of Caporal.

CC: @mattallty

waheedahmed avatar Feb 15 '22 07:02 waheedahmed

I also have this issue (https://github.com/mattallty/Caporal.js/issues/239). Dependabot sends a notification: "We found potential security vulnerabilities in your dependencies."

wirwolf avatar Apr 18 '22 07:04 wirwolf

Fixed

mattallty avatar Aug 28 '23 11:08 mattallty